def setup_auth(config, userid = None, debug = True):
from arche.security import groupfinder
config.set_authorization_policy(ACLAuthorizationPolicy())
ap = CallbackAuthenticationPolicy()
ap.debug = debug
ap.unauthenticated_userid = lambda request: userid
ap.callback = groupfinder
config.set_authentication_policy(ap)
def setup_security(config, userid = None, debug = True):
from arche.security import groupfinder
config.set_authorization_policy(ACLAuthorizationPolicy())
ap = CallbackAuthenticationPolicy()
ap.debug = debug
ap.unauthenticated_userid = lambda request: userid
ap.callback = groupfinder
config.set_authentication_policy(ap)
config.include('arche.override_perm_methods')
def test_works_with_auth(self, db_session, root):
from kotti.resources import Node
from kotti.security import get_principals
from kotti.security import list_groups_callback
from kotti.security import set_groups
child = root[u'child'] = Node()
db_session.flush()
request = DummyRequest()
auth = CallbackAuthenticationPolicy()
auth.unauthenticated_userid = lambda *args: 'bob'
auth.callback = list_groups_callback
request.context = root
assert ( # user doesn't exist yet
auth.effective_principals(request) == ['system.Everyone'])
get_principals()[u'bob'] = dict(name=u'bob')
assert (auth.effective_principals(request) == [
'system.Everyone', 'system.Authenticated', 'bob'
])
# Define that bob belongs to bobsgroup on the root level:
set_groups('bob', root, ['group:bobsgroup'])
request.context = child
assert (set(auth.effective_principals(request)) == set([
'system.Everyone', 'system.Authenticated', 'bob', 'group:bobsgroup'
]))
# define that bob belongs to franksgroup in the user db:
get_principals()[u'bob'].groups = [u'group:franksgroup']
set_groups('group:franksgroup', child, ['group:anothergroup'])
assert (set(auth.effective_principals(request)) == set([
'system.Everyone',
'system.Authenticated',
'bob',
'group:bobsgroup',
'group:franksgroup',
'group:anothergroup',
]))
# And lastly test that circular group defintions are not a
# problem here either:
get_principals()[u'group:franksgroup'] = dict(
name=u'group:franksgroup',
title=u"Frank's group",
groups=[u'group:funnygroup', u'group:bobsgroup'],
)
assert (set(auth.effective_principals(request)) == set([
'system.Everyone',
'system.Authenticated',
'bob',
'group:bobsgroup',
'group:franksgroup',
'group:anothergroup',
'group:funnygroup',
]))
def test_works_with_auth(self):
session = DBSession()
root = get_root()
child = root[u'child'] = Node()
session.flush()
request = DummyRequest()
auth = CallbackAuthenticationPolicy()
auth.unauthenticated_userid = lambda *args: 'bob'
auth.callback = list_groups_callback
request.context = root
self.assertEqual( # user doesn't exist yet
auth.effective_principals(request),
['system.Everyone']
)
get_principals()[u'bob'] = dict(name=u'bob')
self.assertEqual(
auth.effective_principals(request),
['system.Everyone', 'system.Authenticated', 'bob']
)
# Define that bob belongs to bobsgroup on the root level:
set_groups('bob', root, ['group:bobsgroup'])
request.context = child
self.assertEqual(
set(auth.effective_principals(request)), set([
'system.Everyone', 'system.Authenticated',
'bob', 'group:bobsgroup'
])
)
# define that bob belongs to franksgroup in the user db:
get_principals()[u'bob'].groups = [u'group:franksgroup']
set_groups('group:franksgroup', child, ['group:anothergroup'])
self.assertEqual(
set(auth.effective_principals(request)), set([
'system.Everyone', 'system.Authenticated',
'bob', 'group:bobsgroup', 'group:franksgroup',
'group:anothergroup',
])
)
# And lastly test that circular group defintions are not a
# problem here either:
get_principals()[u'group:franksgroup'] = dict(
name=u'group:franksgroup',
title=u"Frank's group",
groups=[u'group:funnygroup', u'group:bobsgroup'],
)
self.assertEqual(
set(auth.effective_principals(request)), set([
'system.Everyone', 'system.Authenticated',
'bob', 'group:bobsgroup', 'group:franksgroup',
'group:anothergroup', 'group:funnygroup',
])
)
def wrapped(self):
registry = self.layer.registry
# Authentication policy
def groups_callback(name, request):
if name == 'admin_user':
return ['role:manager']
if name == 'editor_user':
return ['role:editor']
return []
authn = CallbackAuthenticationPolicy()
authn.callback = groups_callback
registry.registerUtility(authn, IAuthenticationPolicy)
# Authorization policy
authz = ACLAuthorizationPolicy()
registry.registerUtility(authz, IAuthorizationPolicy)
try:
func(self, authn)
finally:
registry.unregisterUtility(authn, IAuthenticationPolicy)
registry.unregisterUtility(authz, IAuthorizationPolicy)
def test_works_with_auth(self, db_session, root):
from kotti.resources import Node
from kotti.security import get_principals
from kotti.security import list_groups_callback
from kotti.security import set_groups
child = root["child"] = Node()
db_session.flush()
request = DummyRequest()
auth = CallbackAuthenticationPolicy()
auth.unauthenticated_userid = lambda *args: "bob"
auth.callback = list_groups_callback
request.context = root
assert auth.effective_principals(
request) == [ # user doesn't exist yet
"system.Everyone"
]
get_principals()["bob"] = dict(name="bob")
assert auth.effective_principals(request) == [
"system.Everyone",
"system.Authenticated",
"bob",
]
# Define that bob belongs to bobsgroup on the root level:
set_groups("bob", root, ["group:bobsgroup"])
request.context = child
assert set(auth.effective_principals(request)) == {
"system.Everyone",
"system.Authenticated",
"bob",
"group:bobsgroup",
}
# define that bob belongs to franksgroup in the user db:
get_principals()["bob"].groups = ["group:franksgroup"]
set_groups("group:franksgroup", child, ["group:anothergroup"])
assert set(auth.effective_principals(request)) == {
"system.Everyone",
"system.Authenticated",
"bob",
"group:bobsgroup",
"group:franksgroup",
"group:anothergroup",
}
# And lastly test that circular group defintions are not a
# problem here either:
get_principals()["group:franksgroup"] = dict(
name="group:franksgroup",
title="Frank's group",
groups=["group:funnygroup", "group:bobsgroup"],
)
assert set(auth.effective_principals(request)) == {
"system.Everyone",
"system.Authenticated",
"bob",
"group:bobsgroup",
"group:franksgroup",
"group:anothergroup",
"group:funnygroup",
}
def test_works_with_auth(self, db_session, root):
from kotti.resources import Node
from kotti.security import get_principals
from kotti.security import list_groups_callback
from kotti.security import set_groups
child = root[u'child'] = Node()
db_session.flush()
request = DummyRequest()
auth = CallbackAuthenticationPolicy()
auth.unauthenticated_userid = lambda *args: 'bob'
auth.callback = list_groups_callback
request.context = root
assert ( # user doesn't exist yet
auth.effective_principals(request) ==
['system.Everyone']
)
get_principals()[u'bob'] = dict(name=u'bob')
assert (
auth.effective_principals(request) ==
['system.Everyone', 'system.Authenticated', 'bob']
)
# Define that bob belongs to bobsgroup on the root level:
set_groups('bob', root, ['group:bobsgroup'])
request.context = child
assert (
set(auth.effective_principals(request)) == set([
'system.Everyone', 'system.Authenticated',
'bob', 'group:bobsgroup'
])
)
# define that bob belongs to franksgroup in the user db:
get_principals()[u'bob'].groups = [u'group:franksgroup']
set_groups('group:franksgroup', child, ['group:anothergroup'])
assert (
set(auth.effective_principals(request)) == set([
'system.Everyone', 'system.Authenticated',
'bob', 'group:bobsgroup', 'group:franksgroup',
'group:anothergroup',
])
)
# And lastly test that circular group defintions are not a
# problem here either:
get_principals()[u'group:franksgroup'] = dict(
name=u'group:franksgroup',
title=u"Frank's group",
groups=[u'group:funnygroup', u'group:bobsgroup'],
)
assert (
set(auth.effective_principals(request)) == set([
'system.Everyone', 'system.Authenticated',
'bob', 'group:bobsgroup', 'group:franksgroup',
'group:anothergroup', 'group:funnygroup',
])
)
